Ransomware takes evolutionary step and targets websites

New instances of Cryptowall targeting outdated browser plugins

Ransom goes rampant
If 2013 was the year of the personal data breach, then 2014 is shaping up to be the year of digital hostages and ransomware. Malicious software that threatens to ruin your PC if you don’t pay a certain amount of money is an old game, but hackers upped the stakes in the early part of 2014. In late May, iOS users around the world woke up to find their iDevices locked via Apple's Find My iPhone service, with hackers demanding money to restore them. Then in June, security firm ESET found the first example of file-encrypting ransomware on Android. Sites like project-management web app Basecamp were also held ransom unless they paid up to stop distributed denial of service (DDoS) attacks.

Ransomware, one of the most malicious and effective forms of malware, appears to have taken the next evolutionary step and has now been found embedded in websites.

This latest incarnation, labelled Linux.Encoder.1 by Russian security firm Dr.Web, targets sites powered by the Linux operating system.

Romanian-based security vendor, Bitdefender, said in a blog post that Linux.Encoder.1 is executed on the victim’s Linux box after remote attackers leverage a flaw in the popular Magento content management system app, a client for ecommerce payments.

“Just like Windows-based ransomware, it encrypts the contents of these files using AES (a symmetric key encryption algorithm), which provides enough strength and speed while keeping system resources usage to a minimum,” the company said.

The vulnerability in Magento was identified by security firm Check Point in April 2015 and Magento released a patch soon after. The recent infections have been attributed to unpatched systems still susceptible to infection.

The main issue for attackers, and the saviour for some victims, with this new form of ransomware, called Cryptowall 4.0, is the way it encrypts files. Bitdefender said its research teams had discovered that instead of generating secure random keys and IVs, the sample would derive these two pieces of information from the libc rand() function seeded with the current system timestamp at the moment of encryption.

“This information can be easily retrieved by looking at the file’s timestamp. This is a huge design flaw that allows retrieval of the AES key without having to decrypt it with the RSA public key sold by the Trojan’s operator(s).”
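The flaw Bitdefender describes can be modelled in a few lines. The following is an added example, not code from the article, Bitdefender or the malware: it shows why a key drawn from rand() after seeding with a timestamp can be recovered by walking back from a file's modification time and checking each candidate against a known file header. It assumes the key and IV are consecutive rand() bytes, and uses a XOR routine as a stand-in for AES so it has no dependencies; all function names and the sample header are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define KEY_LEN 16

/* Assumed model of the flaw: key and IV are consecutive rand() bytes after
 * srand(timestamp). The sample's real byte layout is not given on the page. */
static void derive_key_iv(uint32_t seed, uint8_t key[KEY_LEN], uint8_t iv[KEY_LEN])
{
    srand(seed);
    for (int i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)(rand() & 0xff);
    for (int i = 0; i < KEY_LEN; i++) iv[i] = (uint8_t)(rand() & 0xff);
}

/* Stand-in for AES (XOR with the key); a real recovery tool would call an
 * AES decrypt here with the derived key and IV. */
static void toy_crypt(const uint8_t key[KEY_LEN], const uint8_t *in, uint8_t *out, size_t n)
{
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i % KEY_LEN];
}

/* Defender-side recovery: try every seed from mtime back to mtime - window and
 * accept the one whose key decrypts the known header. Returns 0 if none fits. */
uint32_t recover_seed(const uint8_t *ct, size_t n, const uint8_t *magic,
                      size_t magic_len, uint32_t mtime, uint32_t window)
{
    uint8_t key[KEY_LEN], iv[KEY_LEN], pt[64];
    if (magic_len > n || magic_len > sizeof pt) return 0;
    for (uint32_t d = 0; d <= window && d <= mtime; d++) {
        derive_key_iv(mtime - d, key, iv);
        toy_crypt(key, ct, pt, magic_len);
        if (memcmp(pt, magic, magic_len) == 0) return mtime - d;
    }
    return 0;
}

/* Constructed demo: encrypt a sample header at time t, then recover the seed
 * from a file timestamp that is `skew` seconds later. */
uint32_t demo(uint32_t t, uint32_t skew, uint32_t window)
{
    const uint8_t plain[] = "%PDF-1.4 constructed sample";
    uint8_t key[KEY_LEN], iv[KEY_LEN], ct[sizeof plain];
    derive_key_iv(t, key, iv);
    toy_crypt(key, plain, ct, sizeof plain);
    return recover_seed(ct, sizeof plain, (const uint8_t *)"%PDF-1.4", 8, t + skew, window);
}

int main(void)
{
    printf("recovered seed: %u\n", (unsigned)demo(1446800000u, 3, 60));
    return 0;
}
```

A 60-second window means at most 61 candidate keys instead of 2^128, which is the whole weakness; a key taken from the operating system's CSPRNG gives a search like this nothing to enumerate.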
